
    Scalable Authenticated Tree Based Group Key Exchange for Ad-Hoc Groups

    Task-specific groups are often formed in an ad-hoc manner within big structures, like companies. Take the following typical scenario: A high rank manager decides that a task force group for some project needs to be built. This order is passed down the hierarchy where it finally reaches a manager who calls some employees to form a group. The members should communicate in a secure way and for efficiency reasons symmetric systems are the common choice. To establish joint secret keys for groups, group key exchange (GKE) protocols were developed. If the users are part of e.g. a Public Key Infrastructure (PKI), which is usually the case within a company or a small network, it is possible to achieve authenticated GKE by modifying the protocol and particularly by including signatures. In this paper we recall a GKE due to Burmester and Desmedt which needs only O(log n) communication and computation complexity per user, rather than O(n) as in the more well-known Burmester-Desmedt protocol, and runs in a constant number of rounds. To achieve authenticated GKE one can apply compilers, however, the existing ones would need O(n) computation and communication thereby mitigating the advantages of the faster protocol. Our contribution is to extend an existing compiler so that it preserves the computation and communication complexity of the non-authenticated protocol. This is particularly important for tree based protocols.

    Computationally-Fair Group and Identity-Based Key-Exchange

    In this work, we re-examine some fundamental group key-exchange and identity-based key-exchange protocols, specifically the Burmester-Desmedt group key-exchange protocol [7] (referred to as the BD-protocol) and the Chen-Kudla identity-based key-exchange protocol [9] (referred to as the CK-protocol). We identify some new attacks on these protocols, showing in particular that these protocols are not computationally fair. Specifically, with our attacks, an adversary can do the following damages: (1) It can compute the session-key output with much less computational complexity than that of the victim honest player, and can maliciously nullify the contributions from the victim honest players. (2) It can set the session-key output to be some pre-determined value, which can be efficiently and publicly computed without knowing any secrecy supposed to be held by the attacker. We remark that these attacks are beyond the traditional security models for group key-exchange and identity-based key-exchange. Then, based on the computationally fair Diffie-Hellman key-exchange in [21], we present some fixing approaches, and prove that the fixed protocols are computationally fair.

    Securing group key exchange against strong corruptions and key registration attacks

    In Group Key Exchange (GKE) protocols, users usually extract the group key using some auxiliary (ephemeral) secret information generated during the execution. Strong corruptions are attacks by which an adversary can reveal these ephemeral secrets, in addition to the possibly used long-lived keys. Undoubtedly, the security impact of strong corruptions is serious, and thus specifying appropriate security requirements and designing secure GKE protocols appears an interesting yet challenging task: the aim of our article. We start by investigating the current setting of strong corruptions and derive some refinements like opening attacks that allow revealing ephemeral secrets of users without their long-lived keys. This allows us to consider even stronger attacks against honest, but 'opened' users. Further, we define strong security goals for GKE protocols in the presence of such powerful adversaries and propose a 3-round GKE protocol, named TDH1, which remains immune to their attacks under standard cryptographic assumptions. Our security definitions allow adversaries to register users and specify their long-lived keys, and thus, in particular, capture attacks of malicious insiders for the appropriate security goals such as mutual authentication, key confirmation, contributiveness, key control and key-replication resilience.
    Keywords: authenticated group key exchange; GKE; contributiveness; insider attacks; key registration; mutual authentication; MA; strong corruptions; tree Diffie-Hellman; TDH1.
    Biographical notes: Emmanuel Bresson received his PhD at the École normale supérieure in Paris. He works as a Cryptography Expert for government teams. His main research subjects involve key exchange mechanisms and authentication for multi-party protocols with provable security. He has published his work in many international conference papers and security-focused journals.
    Mark Manulis received his PhD in Computer Science from the Ruhr University Bochum in 2007. His research focuses on security and cryptography related to key management, authentication, anonymity and privacy in distributed applications and (wireless) communications.

    Message Transmission with Reverse Firewalls---Secure Communication on Corrupted Machines

    Suppose Alice wishes to send a message to Bob privately over an untrusted channel. Cryptographers have developed a whole suite of tools to accomplish this task, with a wide variety of notions of security, setup assumptions, and running times. However, almost all prior work on this topic made a seemingly innocent assumption: that Alice has access to a trusted computer with a proper implementation of the protocol. The Snowden revelations show us that, in fact, powerful adversaries can and will corrupt users' machines in order to compromise their security. And, (presumably) accidental vulnerabilities are regularly found in popular cryptographic software, showing that users cannot even trust implementations that were created honestly. This leads to the following (seemingly absurd) question: "Can Alice securely send a message to Bob even if she cannot trust her own computer?!" Bellare, Paterson, and Rogaway recently studied this question. They show a strong lower bound that in particular rules out even semantically secure public-key encryption in their model. However, Mironov and Stephens-Davidowitz recently introduced a new framework for solving such problems: reverse firewalls. A secure reverse firewall is a third party that "sits between Alice and the outside world" and modifies her sent and received messages so that even if her machine has been corrupted, Alice's security is still guaranteed. We show how to use reverse firewalls to sidestep the impossibility result of Bellare et al., and we achieve strong security guarantees in this extreme setting. Indeed, we find a rich structure of solutions that vary in efficiency, security, and setup assumptions, in close analogy with message transmission in the classical setting. Our strongest and most important result shows a protocol that achieves interactive, concurrent CCA-secure message transmission with a reverse firewall, i.e., CCA-secure message transmission on a possibly compromised machine! Surprisingly, this protocol is quite efficient and simple, requiring only four rounds and a small constant number of public-key operations for each party. It could easily be used in practice. Behind this result is a technical composition theorem that shows how key agreement with a sufficiently secure reverse firewall can be used to construct a message-transmission protocol with its own secure reverse firewall.

    Exploring the Creation and Expansion of a Value Regime through the Nascent Technology of Non-Fungible Tokens

    How does a new technology become valuable? Existing literature proposes that an object is perceived as valuable due to structures involving the production, evaluation, distribution, and exchange of value. Such structures are termed “value regimes.” While existing work explains the transformation of value regimes or changes in the perceived value of an object as it moves between value regimes, we know less about how value regimes come to be and expand. This study answers this gap by exploring the expansion of the value regime of the nascent technology of non-fungible tokens (NFTs). To theorize the process through which a value regime expands, I collected and analyzed qualitative data composed of interviews, podcasts, newspapers, magazine articles, conferences, and webinars focusing on the NFT market. My analysis demonstrates that the three elements constituting a value regime (normative and cultural values, governance mechanisms, and economic models of value creation and distribution) expand from specific mechanisms that lead to a value regime’s growth. Normative and cultural values support expansion through the promotion of norms and values, the resolution of internal challenges, and challenges to the entry of market actors with misaligned values. Governance mechanisms support expansion through the entry of regulative bodies and the creation of standards. Economic models support expansion through the creation of new modes of value exchange, the creation of new methods of value creation and distribution, and the simplification of exchange mechanisms. Last, I provide potential limits to expansion and expand on the model’s implications for managers.

    Security Hazards when Law is Code.

    As software continues to eat the world, there is an increasing pressure to automate every aspect of society, from self-driving cars, to algorithmic trading on the stock market. As this pressure manifests into software implementations of everything, there are security concerns to be addressed across many areas. But are there some domains and fields that are distinctly susceptible to attacks, making them difficult to secure? My dissertation argues that one domain in particular—public policy and law—is inherently difficult to automate securely using computers. This is in large part because law and policy are written in a manner that expects them to be flexibly interpreted to be fair or just. Traditionally, this interpreting is done by judges and regulators who are capable of understanding the intent of the laws they are enforcing. However, when these laws are instead written in code, and interpreted by a machine, this capability to understand goes away. Because they blindly follow written rules, computers can be tricked to perform actions counter to their intended behavior. This dissertation covers three case studies of law and policy being implemented in code and security vulnerabilities that they introduce in practice. The first study analyzes the security of a previously deployed Internet voting system, showing how attackers could change the outcome of elections carried out online. The second study looks at airport security, investigating how full-body scanners can be defeated in practice, allowing attackers to conceal contraband such as weapons or high explosives past airport checkpoints. Finally, this dissertation also studies how an Internet censorship system such as China’s Great Firewall can be circumvented by techniques that exploit the methods employed by the censors themselves. To address these concerns of securing software implementations of law, a hybrid human-computer approach can be used. In addition, systems should be designed to allow for attacks or mistakes to be retroactively undone or inspected by human auditors. By combining the strengths of computers (speed and cost) and humans (ability to interpret and understand), systems can be made more secure and more efficient than a method employing either alone.
    PhD, Computer Science and Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies
    http://deepblue.lib.umich.edu/bitstream/2027.42/120795/1/ewust_1.pd

    Bitcoin Governance as a Decentralized Financial Market Infrastructure

    Bitcoin is the oldest and most widely established cryptocurrency network with the highest market capitalization among all cryptocurrencies. Although bitcoin (with lowercase b) is increasingly viewed as a digital asset belonging to a new asset class, the Bitcoin network (with uppercase B) is a decentralized financial market infrastructure (dFMI) that clears and settles transactions in its native asset without relying on the conventional financial market infrastructures (FMIs). To be a reliable asset class as well as a dFMI, however, Bitcoin needs to have robust governance arrangements; whether such arrangements are built into the protocol (i.e., on-chain governance mechanisms) or relegated to the participants in the Bitcoin network (i.e., off-chain governance mechanisms), or are composed of a combination of both mechanisms (i.e., a hybrid form of governance). This paper studies Bitcoin governance with a focus on its alleged shortcomings. In so doing, after defining Bitcoin governance and its objectives, the paper puts forward an idiosyncratic governance model whose main objective is to preserve and maximize the main value proposition of Bitcoin, i.e., its censorship-resistant property, which allows participants to transact in an environment with minimum social trust. Therefore, Bitcoin governance, including the processes through which Bitcoin governance crises have been resolved and the standards against which the Bitcoin Improvement Proposals (BIPs) are examined, should be analyzed in light of the prevailing narrative of Bitcoin as a censorship-resistant store of value and payment infrastructure. Within such a special governance model, this paper seeks to identify the potential shortcomings in Bitcoin governance by reference to the major governance crises that posed serious threats to Bitcoin in the last decade. It concludes that the existing governance arrangements in the Bitcoin network have been largely successful in dealing with Bitcoin’s major crises that would have otherwise become existential threats to the Bitcoin network.